From ed4a9ae462a9c6c421b04d58cb8c32aae13c64d9 Mon Sep 17 00:00:00 2001 From: Fernando Lobato Date: Thu, 29 Aug 2024 16:05:05 -0700 Subject: [PATCH] Remove Crunchy Variant for X-AES-GCM PiperOrigin-RevId: 669094988 Change-Id: I6800f431228a4f5605d4fd2f5397cb006fb453b1 --- .../google/crypto/tink/aead/XAesGcmKey.java | 3 - .../crypto/tink/aead/XAesGcmParameters.java | 8 +- .../internal/XAesGcmProtoSerialization.java | 7 -- .../crypto/tink/aead/XAesGcmKeyTest.java | 22 ----- .../tink/aead/XAesGcmParametersTest.java | 33 ------- .../XAesGcmProtoSerializationTest.java | 90 ++++++------------- .../tink/aead/internal/XAesGcmTest.java | 31 ------- 7 files changed, 29 insertions(+), 165 deletions(-) diff --git a/src/main/java/com/google/crypto/tink/aead/XAesGcmKey.java b/src/main/java/com/google/crypto/tink/aead/XAesGcmKey.java index f352d57a..e1e58a04 100644 --- a/src/main/java/com/google/crypto/tink/aead/XAesGcmKey.java +++ b/src/main/java/com/google/crypto/tink/aead/XAesGcmKey.java @@ -51,9 +51,6 @@ private static Bytes getOutputPrefix( if (parameters.getVariant() == XAesGcmParameters.Variant.NO_PREFIX) { return OutputPrefixUtil.EMPTY_PREFIX; } - if (parameters.getVariant() == XAesGcmParameters.Variant.CRUNCHY) { - return OutputPrefixUtil.getLegacyOutputPrefix(idRequirement); - } if (parameters.getVariant() == XAesGcmParameters.Variant.TINK) { return OutputPrefixUtil.getTinkOutputPrefix(idRequirement); } diff --git a/src/main/java/com/google/crypto/tink/aead/XAesGcmParameters.java b/src/main/java/com/google/crypto/tink/aead/XAesGcmParameters.java index 759d6e2b..8ed500e6 100644 --- a/src/main/java/com/google/crypto/tink/aead/XAesGcmParameters.java +++ b/src/main/java/com/google/crypto/tink/aead/XAesGcmParameters.java @@ -23,15 +23,13 @@ /** Describes the parameters of an {@link XAesGcmKey} */ public final class XAesGcmParameters extends AeadParameters { /** - * Describes how the prefix is computed. For AEAD there are three main possibilities: NO_PREFIX - * (empty prefix), TINK (prefix the ciphertext with 0x01 followed by a 4-byte key id in big endian - * format) or CRUNCHY (prefix the ciphertext with 0x00 followed by a 4-byte key id in big endian - * format). + * Describes how the prefix is computed. For AEAD, there are two possibilities: either NO_PREFIX + * (empty prefix) or TINK (prefix the ciphertext with 0x01 followed by a 4-byte key id in big + * endian format). */ @Immutable public static final class Variant { public static final Variant TINK = new Variant("TINK"); - public static final Variant CRUNCHY = new Variant("CRUNCHY"); public static final Variant NO_PREFIX = new Variant("NO_PREFIX"); private final String name; diff --git a/src/main/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerialization.java b/src/main/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerialization.java index db0ae9ee..29db3e2c 100644 --- a/src/main/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerialization.java +++ b/src/main/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerialization.java @@ -78,9 +78,6 @@ private static OutputPrefixType toProtoOutputPrefixType(XAesGcmParameters.Varian if (Objects.equals(variant, XAesGcmParameters.Variant.TINK)) { return OutputPrefixType.TINK; } - if (Objects.equals(variant, XAesGcmParameters.Variant.CRUNCHY)) { - return OutputPrefixType.CRUNCHY; - } if (Objects.equals(variant, XAesGcmParameters.Variant.NO_PREFIX)) { return OutputPrefixType.RAW; } @@ -92,10 +89,6 @@ private static XAesGcmParameters.Variant toVariant(OutputPrefixType outputPrefix switch (outputPrefixType) { case TINK: return XAesGcmParameters.Variant.TINK; - /* Parse LEGACY prefix to CRUNCHY, since they act the same for this type of key */ - case CRUNCHY: - case LEGACY: - return XAesGcmParameters.Variant.CRUNCHY; case RAW: return XAesGcmParameters.Variant.NO_PREFIX; default: diff --git a/src/test/java/com/google/crypto/tink/aead/XAesGcmKeyTest.java b/src/test/java/com/google/crypto/tink/aead/XAesGcmKeyTest.java index c4f5c28b..283fe61e 100644 --- a/src/test/java/com/google/crypto/tink/aead/XAesGcmKeyTest.java +++ b/src/test/java/com/google/crypto/tink/aead/XAesGcmKeyTest.java @@ -54,18 +54,6 @@ public void buildTinkVariantAndGetProperties() throws Exception { assertThat(key.getIdRequirementOrNull()).isEqualTo(0x708090a); } - @Test - public void buildCrunchyVariantAndGetProperties() throws Exception { - SecretBytes keyBytes = SecretBytes.randomBytes(32); - XAesGcmParameters parameters = XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8); - XAesGcmKey key = XAesGcmKey.create(parameters, keyBytes, 0x0708090a); - assertThat(key.getParameters()).isEqualTo(parameters); - assertThat(key.getKeyBytes()).isEqualTo(keyBytes); - assertThat(key.getOutputPrefix()) - .isEqualTo(Bytes.copyFrom(new byte[] {0x00, 0x07, 0x08, 0x09, 0x0a})); - assertThat(key.getIdRequirementOrNull()).isEqualTo(0x708090a); - } - @Test public void wrongIdRequirement_throws() throws Exception { SecretBytes keyBytes = SecretBytes.randomBytes(32); @@ -74,11 +62,6 @@ public void wrongIdRequirement_throws() throws Exception { () -> XAesGcmKey.create( XAesGcmParameters.create(XAesGcmParameters.Variant.NO_PREFIX, 8), keyBytes, 1115)); - assertThrows( - GeneralSecurityException.class, - () -> - XAesGcmKey.create( - XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8), keyBytes, null)); assertThrows( GeneralSecurityException.class, () -> @@ -96,8 +79,6 @@ public void testEqualities() throws Exception { XAesGcmParameters parametersNoPrefix = XAesGcmParameters.create(XAesGcmParameters.Variant.NO_PREFIX, 12); XAesGcmParameters parametersTink = XAesGcmParameters.create(XAesGcmParameters.Variant.TINK, 12); - XAesGcmParameters parametersCrunchy = - XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 12); new KeyTester() .addEqualityGroup( "No prefix, keyBytes", @@ -113,9 +94,6 @@ public void testEqualities() throws Exception { XAesGcmKey.create(parametersTink, keyBytesCopy, 1907)) .addEqualityGroup( "Tink with key id 1908, keyBytes32", XAesGcmKey.create(parametersTink, keyBytes, 1908)) - .addEqualityGroup( - "Crunchy with key id 1907, keyBytes32", - XAesGcmKey.create(parametersCrunchy, keyBytes, 1907)) .doTests(); } } diff --git a/src/test/java/com/google/crypto/tink/aead/XAesGcmParametersTest.java b/src/test/java/com/google/crypto/tink/aead/XAesGcmParametersTest.java index 35f705c1..7f8d7d7e 100644 --- a/src/test/java/com/google/crypto/tink/aead/XAesGcmParametersTest.java +++ b/src/test/java/com/google/crypto/tink/aead/XAesGcmParametersTest.java @@ -28,7 +28,6 @@ public final class XAesGcmParametersTest { private static final XAesGcmParameters.Variant NO_PREFIX = XAesGcmParameters.Variant.NO_PREFIX; private static final XAesGcmParameters.Variant TINK = XAesGcmParameters.Variant.TINK; - private static final XAesGcmParameters.Variant CRUNCHY = XAesGcmParameters.Variant.CRUNCHY; @Test public void buildParameters_noPrefix() throws Exception { @@ -46,14 +45,6 @@ public void buildParameters_tink() throws Exception { assertThat(parameters.hasIdRequirement()).isTrue(); } - @Test - public void buildParameters_crunchy() throws Exception { - XAesGcmParameters parameters = XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8); - assertThat(parameters.getVariant()).isEqualTo(CRUNCHY); - assertThat(parameters.getSaltSizeBytes()).isEqualTo(8); - assertThat(parameters.hasIdRequirement()).isTrue(); - } - @Test public void buildParameters_invalidSaltSize_throws() throws Exception { assertThrows( @@ -84,16 +75,6 @@ public void testEqualsAndEqualHashCode_tink() throws Exception { assertThat(parametersTink0.hashCode()).isEqualTo(parametersTink1.hashCode()); } - @Test - public void testEqualsAndEqualHashCode_crunchy() throws Exception { - XAesGcmParameters parametersCrunchy0 = - XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 11); - XAesGcmParameters parametersCrunchy1 = - XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 11); - assertThat(parametersCrunchy0).isEqualTo(parametersCrunchy1); - assertThat(parametersCrunchy0.hashCode()).isEqualTo(parametersCrunchy1.hashCode()); - } - @Test public void testEqualsAndEqualHashCode_different() throws Exception { XAesGcmParameters parametersNoPrefix = @@ -101,27 +82,13 @@ public void testEqualsAndEqualHashCode_different() throws Exception { XAesGcmParameters parametersTink = XAesGcmParameters.create(XAesGcmParameters.Variant.TINK, 8); - XAesGcmParameters parametersCrunchy = - XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8); assertThat(parametersNoPrefix).isNotEqualTo(parametersTink); assertThat(parametersNoPrefix.hashCode()).isNotEqualTo(parametersTink.hashCode()); - assertThat(parametersNoPrefix).isNotEqualTo(parametersCrunchy); - assertThat(parametersNoPrefix.hashCode()).isNotEqualTo(parametersCrunchy.hashCode()); - assertThat(parametersTink).isNotEqualTo(parametersNoPrefix); assertThat(parametersTink.hashCode()).isNotEqualTo(parametersNoPrefix.hashCode()); - assertThat(parametersTink).isNotEqualTo(parametersCrunchy); - assertThat(parametersTink.hashCode()).isNotEqualTo(parametersCrunchy.hashCode()); - - assertThat(parametersCrunchy).isNotEqualTo(parametersNoPrefix); - assertThat(parametersCrunchy.hashCode()).isNotEqualTo(parametersNoPrefix.hashCode()); - - assertThat(parametersCrunchy).isNotEqualTo(parametersTink); - assertThat(parametersCrunchy.hashCode()).isNotEqualTo(parametersTink.hashCode()); - XAesGcmParameters parametersTinkWithDifferentSalt = XAesGcmParameters.create(XAesGcmParameters.Variant.TINK, 12); assertThat(parametersTink).isNotEqualTo(parametersTinkWithDifferentSalt); diff --git a/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerializationTest.java b/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerializationTest.java index 904ef65e..cdaeb52c 100644 --- a/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerializationTest.java +++ b/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerializationTest.java @@ -113,30 +113,6 @@ public void serializeParseParameters_tink() throws Exception { assertThat(parsed).isEqualTo(parameters); } - @Test - public void serializeParseParameters_crunchy() throws Exception { - XAesGcmParameters parameters = XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8); - - ProtoParametersSerialization serialization = - ProtoParametersSerialization.create( - "type.googleapis.com/google.crypto.tink.XAesGcmKey", - OutputPrefixType.CRUNCHY, - com.google.crypto.tink.proto.XAesGcmKeyFormat.newBuilder() - .setParams( - com.google.crypto.tink.proto.XAesGcmParams.newBuilder() - .setSaltSize(parameters.getSaltSizeBytes()) - .build()) - .build()); - - ProtoParametersSerialization serialized = - registry.serializeParameters(parameters, ProtoParametersSerialization.class); - assertEqualWhenValueParsed( - com.google.crypto.tink.proto.XAesGcmKeyFormat.parser(), serialized, serialization); - - Parameters parsed = registry.parseParameters(serialization); - assertThat(parsed).isEqualTo(parameters); - } - @Test public void serializeParseKey_noPrefix() throws Exception { XAesGcmKey key = @@ -207,41 +183,6 @@ public void serializeParseKey_tink() throws Exception { assertThat(parsed.equalsKey(key)).isTrue(); } - @Test - public void serializeParseKey_crunchy() throws Exception { - XAesGcmKey key = - XAesGcmKey.create( - XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8), - KEY_BYTES_32, - /* idRequirement= */ 123); - - com.google.crypto.tink.proto.XAesGcmKey protoXAesGcmKey = - com.google.crypto.tink.proto.XAesGcmKey.newBuilder() - .setVersion(0) - .setKeyValue(KEY_BYTES_32_AS_BYTE_STRING) - .setParams( - com.google.crypto.tink.proto.XAesGcmParams.newBuilder() - .setSaltSize(key.getParameters().getSaltSizeBytes()) - .build()) - .build(); - - ProtoKeySerialization serialization = - ProtoKeySerialization.create( - "type.googleapis.com/google.crypto.tink.XAesGcmKey", - protoXAesGcmKey.toByteString(), - KeyMaterialType.SYMMETRIC, - OutputPrefixType.CRUNCHY, - /* idRequirement= */ 123); - - ProtoKeySerialization serialized = - registry.serializeKey(key, ProtoKeySerialization.class, InsecureSecretKeyAccess.get()); - assertEqualWhenValueParsed( - com.google.crypto.tink.proto.XAesGcmKey.parser(), serialized, serialization); - - Key parsed = registry.parseKey(serialization, InsecureSecretKeyAccess.get()); - assertThat(parsed.equalsKey(key)).isTrue(); - } - @Test public void testParseKeys_noAccess_throws() throws Exception { com.google.crypto.tink.proto.XAesGcmKey protoXAesGcmKey = @@ -262,7 +203,7 @@ public void testParseKeys_noAccess_throws() throws Exception { } @Test - public void parseKey_legacy() throws Exception { + public void parseKey_legacy_fails() throws Exception { ProtoKeySerialization serialization = ProtoKeySerialization.create( TYPE_URL, @@ -276,10 +217,31 @@ public void parseKey_legacy() throws Exception { KeyMaterialType.SYMMETRIC, OutputPrefixType.LEGACY, 1479); - // Legacy keys are parsed to crunchy - Key parsed = registry.parseKey(serialization, InsecureSecretKeyAccess.get()); - assertThat(((XAesGcmParameters) parsed.getParameters()).getVariant()) - .isEqualTo(XAesGcmParameters.Variant.CRUNCHY); + // Legacy keys aren't supported + assertThrows( + GeneralSecurityException.class, + () -> registry.parseKey(serialization, InsecureSecretKeyAccess.get())); + } + + @Test + public void parseKey_crunchy_fails() throws Exception { + ProtoKeySerialization serialization = + ProtoKeySerialization.create( + TYPE_URL, + com.google.crypto.tink.proto.XAesGcmKey.newBuilder() + .setVersion(0) + .setKeyValue(KEY_BYTES_32_AS_BYTE_STRING) + .setParams( + com.google.crypto.tink.proto.XAesGcmParams.newBuilder().setSaltSize(8).build()) + .build() + .toByteString(), + KeyMaterialType.SYMMETRIC, + OutputPrefixType.CRUNCHY, + 1479); + // Crunchy keys aren't supported + assertThrows( + GeneralSecurityException.class, + () -> registry.parseKey(serialization, InsecureSecretKeyAccess.get())); } @Test diff --git a/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmTest.java b/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmTest.java index a6732593..81485deb 100644 --- a/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmTest.java +++ b/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmTest.java @@ -118,37 +118,6 @@ public void encryptDecrypt_withTinkVariant_differentOutputPrefix_fails() throws assertThrows(GeneralSecurityException.class, () -> xAesGcm.decrypt(ciphertext, associatedData)); } - @Test - public void encryptDecrypt_withCrunchyVariant() throws Exception { - byte[] outputPrefix = OutputPrefixUtil.getLegacyOutputPrefix(KEY_ID).toByteArray(); - Aead xAesGcm = - XAesGcm.create( - XAesGcmKey.create( - XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, SALT_SIZE_IN_BYTES), - SECRET_BYTES, - KEY_ID)); - - byte[] ciphertext = xAesGcm.encrypt(plaintext, associatedData); - - assertThat(Arrays.copyOfRange(ciphertext, 0, outputPrefix.length)).isEqualTo(outputPrefix); - } - - @Test - public void encryptDecrypt_withCrunchyVariant_differentOutputPrefix_fails() throws Exception { - Aead xAesGcm = - XAesGcm.create( - XAesGcmKey.create( - XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, SALT_SIZE_IN_BYTES), - SECRET_BYTES, - KEY_ID)); - - byte[] ciphertext = xAesGcm.encrypt(plaintext, associatedData); - byte[] outputPrefix = OutputPrefixUtil.getLegacyOutputPrefix(11111).toByteArray(); - System.arraycopy(outputPrefix, 0, ciphertext, 0, outputPrefix.length); - - assertThrows(GeneralSecurityException.class, () -> xAesGcm.decrypt(ciphertext, associatedData)); - } - @Test public void encryptDecrypt_withoutAadFails() throws Exception { Aead xAesGcm =